bind slave not get DNS update

Paul Ooi Cong Jen paulooi at takizo.com
Wed Jan 5 01:11:05 UTC 2011


Hi Steve, 

Do you have an rndc key running on your BIND?

--
Paul Ooi


On 05-Jan-2011, at 8:43 AM, Steve Zeng wrote:

> We have had a BIND DNS master and a Windows DNS slave running for a while. I recently configured a second DNS slave running on Linux/CentOS. When I stop/start the second DNS slave, it gets all zone files correctly. However, it does not get updates when I make a zone file modification and increase the sn on the master. The odd thing is, I don’t see any xfer-out log on the master (I do see the xfer-out log for the Windows DNS slave, though). Googling around and searching the BIND mailing list archive did not give much of a clue either… Any hint is greatly appreciated.
>  
> BIND MASTER(bind-9.3.1-20.FC4):
> ============================
> options {                                                        # this section sets the default options
>         directory "/var/named";                 # directory where the zone files will reside
>         listen-on {
>                 A.A.A.A;                                         # public IP address of the local interface to listen
>                 192.168.100.204;                         # private IP address of the local interface to listen
>                 192.168.101.204;
>         };
>         auth-nxdomain no;                           # conform to RFC1035
>         notify yes;                                            # enable AA notifies
>         allow-notify { none; };
>         allow-query { any; };                         # allow anyone to issue queries
>         recursion no;                                       # disallow recursive queries unless over-ridden below
>         version "0";                                          # obscures version reporting - can't hurt
>         zone-statistics yes;
>         statistics-file                                        "/var/named/statistics/named_stats.txt";
> };
>  
> logging{
>   channel simple_log {
>     file "log/bind.log" versions 3 size 50m;
>     severity info;
>     print-time yes;
>     print-severity yes;
>     print-category yes;
>   };
>   category default{
>     simple_log;
>   };
> };
>  
> view "office" {
>         match-clients { office_networks; };     # match hosts in acl "office_networks" above
>         recursion yes;                          # allow recursive queries
>         notify-source * port 53;
>         allow-transfer { B.B.B.0/24; C.C.C.0/24; };
>         also-notify {
>                 B.B.B.B;                                # public IP of first DNS slave(windows DNS)
>                 C.C.C.C;                                # public IP of second DNS slave(Linux BIND DNS)
>         };
>         zone "mydomain.com" in {
>                 type master;
>                 file "office/mydomain.com.zone";
>         };
> };
>  
> BIND SLAVE(bind-9.3.6-4.P1.el5_5.3):
> ================================
> options
> {
>         // Those options should be used carefully because they disable port
>         // randomization
>         // query-source    port 53;
>         // query-source-v6 port 53;
>  
>         // Put files that named is allowed to write in the data/ directory:
>         directory               "/var/named"; // the default
>         dump-file               "data/cache_dump.db";
>         statistics-file         "data/named_stats.txt";
>         memstatistics-file      "data/named_mem_stats.txt";
>         allow-notify
>         {
>                 A.A.A.A;               # public IP of master
>         };
> };
>  
> logging
> {
> /*      If you want to enable debugging, eg. using the 'rndc trace' command,
>  *      named will try to write the 'named.run' file in the $directory (/var/named).
>  *      By default, SELinux policy does not allow named to modify the /var/named directory,
>  *      so put the default debug log file in data/ :
>  */
>         channel default_debug {
>                 file "data/named.run";
>                 // severity dynamic;
>                 severity info;
>         };
> };
>  
> view "office"
> {
> /* This view will contain zones you want to serve only to "internal" clients
>    that connect via your directly attached LAN interfaces - "localnets" .
>  */
>         match-clients           { localnets; };
>         recursion yes;
>  
>         // all views must contain the root hints zone:
>         include "/etc/named.root.hints";
>  
>         include "/etc/named.rfc1912.zones";
>         // you should not serve your rfc1912 names to non-localhost clients.
>  
>         // These are your "authoritative" internal zones, and would probably
>         // also be included in the "localhost_resolver" view above :
>         zone "mydomain.com" {
>                 type slave;
>                 file "slaves/mydomain.com.zone";
>                 masters {
>                         /* put master nameserver IPs here */
>                         A.A.A.A;
>                 } ;
>         };
> };
>  
>  
> Thanks,
>  
> Steve
>  
> _______________________________________________
> bind-users mailing list
> bind-users at lists.isc.org
> https://lists.isc.org/mailman/listinfo/bind-users
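
Added example, not part of the original thread: a small log check for the symptom described above (notifies sent, but no xfer-out entry for one slave). The log lines are constructed in the shape the posted `simple_log` channel would produce, `slaves_missing_transfer` is a hypothetical helper name, and `B.B.B.B` / `C.C.C.C` are the thread's own placeholders for the two slaves.

```python
import re

# Constructed sample of the master's log/bind.log, shaped like the posted
# simple_log channel (print-time, print-category, print-severity). Not real output.
SAMPLE_LOG = """\
05-Jan-2011 08:30:01.100 notify: info: zone mydomain.com/IN/office: sending notifies (serial 2011010501)
05-Jan-2011 08:30:01.900 xfer-out: info: client B.B.B.B#51234: view office: transfer of 'mydomain.com/IN': AXFR started
05-Jan-2011 09:10:44.200 notify: info: zone mydomain.com/IN/office: sending notifies (serial 2011010502)
05-Jan-2011 09:10:45.000 xfer-out: info: client B.B.B.B#51877: view office: transfer of 'mydomain.com/IN': AXFR started
"""

NOTIFY_RE = re.compile(
    r"notify: \w+: zone (?P<zone>[^/\s]+)/IN\S*: sending notifies \(serial (?P<serial>\d+)\)")
XFER_RE = re.compile(
    r"xfer-out: \w+: client (?P<client>[^#\s]+)#\d+: (?:view \S+: )?"
    r"transfer of '(?P<zone>[^/']+)/IN': (?:AXFR|IXFR) started")


def slaves_missing_transfer(log_text, expected_slaves):
    """Return {(zone, serial): [slaves with no xfer-out before the next notify]}."""
    expected = set(expected_slaves)
    window = {}    # zone -> (serial, slaves that started a transfer)
    missing = {}

    def close(zone):
        # End the window for one serial and record slaves that never transferred.
        serial, seen = window.pop(zone)
        absent = sorted(expected - seen)
        if absent:
            missing[(zone, serial)] = absent

    for line in log_text.splitlines():
        m = NOTIFY_RE.search(line)
        if m:
            if m["zone"] in window:
                close(m["zone"])
            window[m["zone"]] = (m["serial"], set())
            continue
        m = XFER_RE.search(line)
        if m and m["zone"] in window:
            window[m["zone"]][1].add(m["client"])
    for zone in list(window):
        close(zone)
    return missing


if __name__ == "__main__":
    for (zone, serial), absent in slaves_missing_transfer(
            SAMPLE_LOG, ["B.B.B.B", "C.C.C.C"]).items():
        print(f"{zone} serial {serial}: no xfer-out for {', '.join(absent)}")
```

A slave that appears here for every serial never requested a transfer from the master, so the next place to look is that slave's own log for how it handled the incoming NOTIFY.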
